Facebook said a bug that allowed third-party app developers to access private photos of its users without their permission could impact as many as 6.8 million people.

In an announcement on the social network’s blog Friday, the company said the photos accessed includes one that users started to upload but had not yet been posted and images posted on Facebook Stories.

Users’ photos were exposed between Sept. 13 and 25. It’s believed up to 1,500 apps built by 876 developers had access during this time.

“We’re sorry this happened,” Tomer Bar, an engineering director for the company, said in the post.

The company is urging any users who have shared their Facebook photos to other apps to check which photos those apps have access to.

It will be notifying users potentially impacted by the bug through an alert on Facebook.

The information Facebook gives to third-party app developers has been under scrutiny this year, specifically around the Cambridge Analytica data scandal, after a whistle blower came forward alleging that the British political consulting firm harvested personal information of more than 50 million Facebook profiles.